by Spivak 1810 days ago
Yeah I’m kinda confused with the huge amount of anger surrounding this. Yes the text is scary, and it’s scary because being made aware that governments do have the power to make pretty much everyone turn over information they have on you isn’t fun. But this really isn’t an Audacity-specific problem.

> governments do have the power to make pretty much everyone turn over information they have on you isn’t fun

Unless you do not collect said information in the first place.

There are plenty of ways to collect said information, it isn't a couple of log files that are going to save anyone.

Try to live in a society where everyone, including your closest family members, might collect such information.

https://en.wikipedia.org/wiki/PIDE

This still requires the adversary to coerce your friends/family members into snitching on you - it involves effort and risk for them and doesn't scale.

Compromising a telemetry server is a one-off operation, would work at scale and is much less risky as the targets have no way to detect it.

Some never needed to be coerced, that is the whole issue.
With that, I would say good luck troubleshooting your server if you don't collect any logs whatsoever. I wonder how you would even protect against brute-forcing and DDoS attacks if you never stored IP addresses for any amount of time.
But unlike a server, a desktop app isn't vulnerable to any of those issues that would require logs to defend against.
The issue here is that the server you downloaded the desktop app from is. You can reduce the amount of this you have to deal with by shipping a native app, but you can't get rid of it entirely as long as you plan to host a web site or a download of something, or if you plan to let users communicate useful things back to you (such as their hardware specs, OS version, crash reports, usage patterns, etc).
I'm personally not confused, just disappointed. Sadly I've seen far too many FOSS discussions that become overrun with irrationally paranoid rhetoric, sometimes bordering on the reactionary. This stuff is nothing new. You'd think that with the ability to quickly check the code and recompile it to get rid of any unwanted bits, that would make this kind of attitude go away, but for whatever reason it only seems to make it worse.
It's usually what happens when a software project has a lawyer involved. Copyleft spooks people, anonymous contributions that may or may not be licensed spook people, lack of a privacy policy spooks people, etc.
In my opinion, if it's desired to have FOSS driven by individual contributors, the legal education aspect for each contributor is just as important as the contributors knowing how to code. Sadly I think some projects are way behind on that.
They are! They've forked it. Now you and like-minded folks here can use the spyware version, and the rest of us will use the clean one.
Please don't do this, this is needlessly divisive. You don't have to make these (incorrect) assumptions about me and what I will use.
The division happened when they added telemetry to Audacity. Forking it is the only move forward. Time will judge the projects on their own merits. In the meantime, we can all at least rest well knowing the chance to defend against greed is available to us because of FOSS.
I understand that you feel upset that they added something that you didn't want, but you don't have to continue adding to the division and cynicism. Forking is not the only move, and I would actually suggest against it -- what you want is simply a build with the telemetry disabled. I don't think you want to throw away any other new features that aren't related to the telemetry (and in fact, you may still be able to indirectly benefit from it that way if it leads to some valuable product insights from them). So characterizing this as greed seems to not make so much sense. If they were getting super rich off this and not making any other improvements then maybe you could say that, and I would join you in saying hey, something's not right here, but that doesn't seem to be the case.
No, that's much worse. Then we'd exhaust our devs playing whack-a-mole.
Complacency about these things is how our freedoms get eroded. At some point these organizations need to be called out for such behavior to send a message to the rest of the corporate world looking to sink their claws into OSS acquisitions.
This specific complaint seems to be about data privacy, not about a freedom being eroded.

Also, since you can fork it, as has been previously mentioned, there seems to be no purpose in objecting to this type of FOSS acquisition. Worst case, the project ends as it was before the acquisition, with no corporate support or funding whatsoever, at which point it seems it won't make any difference whether there was a complaint or not.

It's about using legal threats to bully others and justify unethical behavior.
Specifically, which legal threats and unethical behavior are you referring to?